Forensically Sound Acquisition
EnCase® Forensic produces an exact binary duplicate of the original drive or media, then verifies it by generating MD5 hash values for related image files and assigning CRC values to the data. These checks and balances reveal when evidence has been tampered with or altered, helping to keep all digital evidence forensically sound for use in court proceedings or internal investigations.

Improved Productivity
Examiners can preview results while data is being acquired. Once the image files are created, examiners can search and analyze multiple drives or media simultaneously.

Automated de-NISTing Capabilities
The National Software Reference Library (NSRL) is provided in the EnCase hash library format, allowing user to easily de-NIST their evidence, eliminating thousands of known files from their evidence set. This reduces the time and amount of data that needs to be analyzed significantly.

Customizable and Extensible with EnScript®
EnCase® Forensic features EnScript® programming capabilities. EnScript®, an object-oriented programming language similar to Java or C++, allows users create to custom programs to help them automate time-consuming investigative tasks, such as searching and analyzing specific document types or other labor-intensive processes and procedures. This power can be harnessed by any level of investigator the “Case Developer” or one of the numerous built-in filters.

Automatic Reports
Export reports with lists of all files and folders along with detailed list of URLs, with dates and time of visits. Provide hard drive information and details related to the acquisition, drive geometry, folder structure, etc.

Actionable Data
Once investigators have identified relevant evidence, they can create a comprehensive report for presentation in court, to management or stakeholders in the outcome of the investigation.

Integration to Passware Kit Forensic
Use the Evidence Processor to automate the detection of encrypted files. Once the files are decrypted by Passware Kit Forensic* they can be easily integrated back into EnCase Forensic for further analysis.
*Passware Kit Forensic license sold separately. Contact Sales for more information.

Enhanced Windows Operating System Support
Version 7.06 supports Windows 8 and Server 2012 operating systems. This support allows you
to perform dead-box investigations and aids in the deployment of servlets to live-boxes. EnCase
Forensic also provides support for:

Macintosh Logical Volumes
EnCase Forensic now supports logical volumes for Macintosh systems. When connecting to
systems via servlets, the servlet interacts with the operating system to address the volume.
Macintosh logical volumes can include single disks, RAIDs, and encrypted volumes.

Enhanced Tablet Support
EnCase Forensic Version 7.06 adds support for the following tablets:

Artifact support has been expanded to include the ability to process Android physical evidence
files (E01) and produce logical evidence files (L01) containing common smartphone categories:
contacts, messages, call logs, and calendars. The result is a byte-for-byte copy of the device data
partition and a navigable file/folder hierarchy.

Encryption Support
EnCase Forensic now supports the following encryption products:

Court Vetted
EnCase Enterprise preserves data in an evidence file format (LEF or E01) with an unsurpassed record of court acceptance.

EnCase eDiscovery
Version 5 is the latest release of EnCase® eDiscovery, the leading enterprise e-discovery solution that provides everything from legal-hold and collection to review and production, delivering potentially relevant electronically stored evidence (ESI) and results that are accurate, defensible, and repeatable. EnCase eDiscovery V5 includes several new features and enhancements to help you and your e-discovery team significantly lower costs, reduce risk, and swiftly gather more types of information in more languages and from more locations than before.

Improved Unicode support enables the following for data in all known foreign languages:

o Indexing
o Searching
o Displaying

Cast a wider net for faster and more complete collection

Key Features for IT

Key Feature

Function / Description

Benefits

ENHANCED: Centralized Examiner Management

Centralized examiner management is implemented as a true Windows service

Enables examiners to more quickly resume work from the point of interruption in case of system issues

ENHANCED: Foreign Language Index Support

Improved Unicode support enables the following for data in all known foreign languages:

Indexing

Searching

Displaying

Able to handle global data sets with one solution

NEW: Additional Connectors

Amazon S3

IBM Connections

Lotus Quickr

Collect from more sources more easily

ENHANCED: Web API Methods

More methods associated with custodians and cyber security investigations are exposed in the web API

Gives you greater flexibility to create custom workflows

NEW: Support for MS-Office Metadata Field

Data is now indexed by individual field, including Microsoft Office 2007 metadata fields

Search for a data value within a specific metadata field in Microsoft Office 2007

NEW: Encrypted Evidence Formats

E01 and L01 evidence formats are now available in encrypted versions as Ex01 and Lx01

Read and work with encrypted evidence

ENHANCED: Desktop Application Workflows

Streamlined workflow for collecting, processing, and delivering data

Greater efficiency and lower costs of legal-hold processes

Higher productivity for even non-technical and non-legal team members

EnCase Cybersecurity
EnCase Cybersecurity is the endpoint incident response and data auditing software solution designed to reduce costs and complexities associated with the incident response process and reduce the risk of exposing sensitive data to loss or theft.

When integrated with the alerting or event management solution of your choice, the power of EnCase Cybersecurity shines — the moment an alert or event is generated, real-time response automatically captures critical endpoint information before it has a chance to decay or disappear altogether — giving you the information you need to quickly and accurately determine what actually happened.

The EnCase Cybersecurity Advantage:

From the initial investigation through triage to remediation, EnCase Cybersecurity fully addresses endpoint incident response and is the preferred solution for government agencies and leading financial, retail and entertainment organizations

Integrates with any security event management or alerting system to enable automated, real-time response, allowing you to capture critical endpoint data the moment an alert is generated, even if it happens at 2 a.m.

Built upon gold-standard EnCase Forensic technology, EnCase Cybersecurity exposes both unknown threats, artifacts related to an incident and sensitive data residing on endpoints, no matter how well hidden

EnCase Portable
EnCase Portable is a powerful solution, delivered on a USB device, that allows forensic professionals and non-experts to quickly and easily triage and collect vital data in a forensically sound and court-proven manner

Increase Your Reach
Extend the reach of your investigation, e-discovery, incident response, or IT teams without sending experts into the field. Based on the situation, EnCase® Portable can be used in Easy Mode for non-experts, or Advanced Mode to create and edit configurations in the field.

Forensically Sound Triage and Collection
Triage and collect while preserving metadata and maintaining evidence integrity. Collected data is preserved in the court-vetted EnCase® evidence file format; the most trusted format in the forensic community.

Fast, Powerful Triage
Instantly and easily view images, documents, and other digital evidence found on a target computer.

Customizable Collection Configuration
Use keywords, metadata, hash values, and other criteria to perform targeted collection, as well as full-disk imaging and memory acquisition.

Dual Triage and Collection Modes
Live mode – collect memory from running computers
Boot mode – collect from computers that are turned off